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REMARKS/ARGUMENTS 

The following remarks are intended to fully respond to the Final Office Action mailed 
September 30, 2008, hereinafter "Office Action." In the Office Action, claims 1, 3-16, 18-21, 
and 22 were examined, and all claims were rejected. More specifically, claims 1, 9, and 16 were 
rejected under 35 U.S.C. §112 for failing to comply with the written description requirement and 
claims 1, 3-16, 18-21, and 22 were rejected under 35 USC 103(a) as being unpatentable over 
Hanna et al., US Patent No. 6,801,998 (hereinafter "Hanna") in further view of Huitema et al., 
US Patent No. 7,068,789 (hereinafter "Huitema"). 

Although the claims have not been amended in this response, they have been included 
above for convenience. In addition, Applicant assumes that the claim amendments filed on July 
2, 2008 were entered, although the claim amendments themselves were not considered. If the 
claim amendments have not been entered, please enter the claim amendments as presented in the 
previously filed office action response. 

Reconsideration of these rejections, as they might apply to the original and amended 
claims in view of these remarks, is respectfully requested. 

Claim Rejections - 35 USC § 112 

Claims 1, 9 and 16 were rejected under 35 U.S.C. §1 12 as failing to comply with the 
written description requirement. Specifically, claims 1, 9 and 16 were rejected for containing the 
element of " a use policy providing instructions as to how the group identity information may be 
used " which the Office Action alleged was not supported in the specification. As a result, claims 
1, 9, and 16, and their respective dependent claims, were examined without this particular 
element. All of the claims were subsequently rejected based on the previously cited references. 

Contrary to the assertion made in the Office Action that the above recited element is not 
disclosed in the specification, Applicant directs the Examiner's attention to various portions of 
the specification which have been reproduced below. These sections show that the element of "a 
use policy providing instructions as to how the group identity information may be used " is 
clearly supported in the specification. 
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As recited in the specification, identity information is "a collection of information about 
a principal in an identity information system. . ." (Specification, para. [0024]). 

Further, an identity information document is "a subset of identity information for a 
principal transmitted from one device to another..." (Specification, para. [0025]). 

A principal is "any entity capable of acting digitally. Principals include individual 
people, groups or sets of people meaning individuals, households, organizations, [and] explicit 
groups..." (Specification, para. [0026], emphasis added). 

The specification continues by explaining a process to create and save a group 
identity information document. Part of this process includes a generate operation which 
"generates a self-signed group identity information document [from group identity 
information]. . .This document might be an identity information document for the group. . ." 
(Specification, para. [0087] emphasis added). 

The specification also describes a use policy which "conveys the originator's instructions 
to the recipient about the uses to which the contents of the identity information may be put." 
(Specification, para. [0078]). 

From these various excerpts, it is clear that the specification clearly supports the element 
of " a use policy providing instructions as to how the group identity information may be used " as 
recited in independent claims 1, 9, and 16. 

The Office Action argues that paragraph 28 of the specification "recites a use policy 
describing how information may be used but only pertains to self-identity information, not the 
claimed group identity information." (Office Action, pg. 2). However, this paragraph relied on 
does not limit an identity information document to an individual. As evidenced by the 
definitions reproduced above, an identity information document, and a corresponding use policy, 
may also be for a group. 

Because the above recited element is clearly supported by the specification, Applicant 
respectfully requests that the finality of the Office Action be withdrawn and the Examiner 
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consider the arguments made in the previous office action response filed July 2, 2008, which 
have been reproduced below. 

Claim Rejections - 35 USC § 103(a) 

The Examiner rejected claims 1-6, 8-9, 13, 17-19, 21-23, 25-26 and 27 under 35 USC § 
103(a) and being unpatentable over Hanna in view of Huitema. Applicants respectfully traverse 
the § 103(a) rejections of claims 1-6, 8-9, 13, 17-19, 21-23, 25-26 and 27 because the Office 
Action failed to state a prima facie case of obviousness. To establish a prima facie case of 
obviousness under 35 U.S.C. § 103(a), the references must teach or suggest all of the claimed 
limitations to one of ordinary skill in the art at the time the invention was made. M.P.E.P §§ 
2142, 2143.03; In re Royka, 490 F.2d 981, 985 (C.C.P.A. 1974); In re Wilson, 424 F.2d 1382, 
1385 (C.C.P.A. 1970). Further, under KSR Int'l Co. v. Teleflex, Inc., there "must be some 
articulated reasoning with some rational underpinning to support the legal conclusion of 
obviousness." 127 S. Ct. 1727, 1741 (2007). Specifically, the references fail to teach or suggest 
all of the claimed limitations. More particularly, the cited references fail to teach or suggest, at 
least, a use policy providing instructions as to how the group identity information may be used. 
as recited in independent claim 1. 

Hanna relates to a system for determining whether an applicant is a member of a pre- 
established, authorized group without providing the applicant the names of the authorized group 
or groups. The Hanna system comprises a client, an application server, and a group member 
server. (See Hanna, Fig. 1). A client who desires a service that is performed by the application 
server logs on to the application server and requests the service from it. In response, the 
application server requests proof from the client that the client is a member of a group that has 
permission to receive the requested service. (See id., col. 4, 1. 64 - col. 5, 1. 33). However, the 
Hanna system is designed such that it avoids providing the client with information about which 
group or groups are eligible to receive the requested service. Instead, the application server 
provides the client with an encrypted message intended for a group membership server. (See id., 
col. 5, 11. 36-62). The client forwards the encrypted message to the applicable group server 
which decrypts the message to reveal information regarding authorized groups. The group server 
uses this information to determine whether the client is a member of one of the groups or meets 
the criteria for membership in one of the specified groups. (See Id., col. 5, 1. 62 - col. 7, 1. 6). 
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The group server then returns an encrypted message to the application server indicating whether 
or not the client is a member of a group authorized to receive the requested service. Upon 
receipt, the application server decrypts the message and determines whether or not to grant the 
requested service to the client. 

However, Hanna does not teach or suggest a use policy providing instructions as to how 
the group identity information may be used . While Hanna does protect information from 
applicants by withholding the names of authorized groups, the Office Action has failed to show 
that the reference teaches providing instructions on how information may be used after the 
application server determines whether or not to grant required service to an applicant. Thus, the 
reference fails to teach or suggest at least the limitation of a use policy providing instructions as 
to how the group identity information may be used , as recited in independent claim 1. 

Huitema fails to compensate for this deficiency. Huitema relates to "a method for 
ensuring valid and secure peer-to-peer communications in a group structure. Specifically, the 
system of the present invention presents a method of ensuring secure peer-to-peer group 
formation, group member addition, group member eviction, group information distribution, etc." 
(Huitema, Abstract). The Office Action has failed to show that Huitema teaches or suggests a 
use policy providing instructions as to how the group identity information may be used . Thus, 
independent claim 1 is allowable over the cited references. 

For at least the same reasons, independent claim 9 is also allowable over the cited 
reference. Claim 9 recites, inter alia, a group ID generate module generating a group certificate 
comprising at least a public key, a use policy providing instructions as to how the group identity 
information may be used, and a digital signature for the group . Thus, for at least the same 
reasons noted above, independent claim 9 is also allowable over the cited reference. 

Finally, independent claim 16 is also allowable over the cited reference. The Office 
Action summarily rejected claim 16 for the same reasons as claim 9 and simply recites the 
elements of claim 16. (See Office Action, pp. 7-8). In rejecting claim 16, the Office Action 
points to col. 5 of Hanna which states "The client 10, upon receipt of the encrypted group id, 
forwards the same to the default group membership server 16 of the applicable group 
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membership server specified in the message." (Office Action, p. 1 1). However it is unclear how 
this line renders the following obvious. 

Claim 16 recites in part: 

sending a membership certificate to the receiving system to establish the 
originator as a member of the new group at the receiving system; 

generating a personal certificate having at least a public key of the 
originator and a digital signature for the originator signed by the originator with a 
private key associated with the public key of the originator; and 

sending the personal certificate to establish the personal identity of the 
originator at the receiving system. 

Even if one were to assume that the passage of Hanna recited in the Office Action 
is equivalent to "sending the personal certificate to establish the personal identity of the 
originator at the receiving system", which Applicants expressly deny, Hanna still does 
not disclose or suggest "sending a membership certificate to the receiving system to 
establish the originator as a member of the new group at the receiving system" and 
"generating a personal certificate having at least a public key of the originator and a 
digital signature for the originator signed by the originator with a private key associated 
with the public key of the originator" as recited in claim 16. 

Applicants respectfully submit that the Office Action has failed to reject independent 
claim 16 for its failure to address all of its limitations as previously recited. Applicants 
respectfully submit that claim 16 is allowable as previously presented. 

Additionally, claim 16 also recites generating at the initiating system a group certificate 
comprising at least a use policy providing instructions as to how the group identity information 
may be used . Thus, claim 16 is also allowable over the cited references for the reasons discussed 
above with respect to claim 1 and 9. 

For the foregoing reasons, the cited references fail to teach or suggest all of the 
limitations of independent claims 1, 9, and 16 and therefore cannot anticipate or make obvious 
the present invention as claimed. Claims 1, 9, and 16 are allowable over the recited references of 
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record and should be allowed. All other claims, i.e. claims 3-8, 10-15, 18-21, and 22, depend 
from one of the allowable independent claims and are, thus, also allowable over the references of 
record. Therefore Applicants respectfully request that the Examiner issue a notice of allowance 
for all claims at his earliest convenience. 
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CONCLUSION 

This Amendment fully responds to the Final Office Action mailed on September 30, 
2008. Still, that Office Action may contain arguments and rejections that are not directly 
addressed by this Amendment due to the fact that they are rendered moot in light of the 
preceding arguments in favor of patentability. Hence, failure of this Amendment to directly 
address an argument raised in the Office Action should not be taken as an indication that the 
Applicants believe the argument has merit. Furthermore, the claims of the present application 
may include other elements, not discussed in this Amendment, which are not shown, taught, or 
otherwise suggested by the art of record. Accordingly, the preceding arguments in favor of 
patentability are advanced without prejudice to other bases of patentability. 

It is believed that no further fees are due with this Response. However, the 
Commissioner is hereby authorized to charge any deficiencies or credit any overpayment with 
respect to this patent application to deposit account number 13-2725. 



is now in condition for allowance and such action is respectfully requested. Should any 
additional issues need to be resolved, the Examiner may telephone the undersigned to attempt to 
resolve those issues. 



In light of the above remarks and amendments, it is believed that the application 
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